A web application firewall inspects requests and filters those that are deemed malicious. In comparison, Client Reputation focuses on the source of the request, and determines the extent to which that source has sent malicious requests in the past. Register today for this upcoming webcast to find out more!

SC Magazine's SC Congress returns to London on 3 March, 2015 with an all new programme! Here is your chance to catch a full day of hard-hitting information security news and solutions from leaders in their industries that you can implement for your company.

As employees increasingly have mobile access to the corporate network this webcast will discuss the steps organisations can take to minimise risk among their workforce and detail what a mobile device management policy should look like and how to enforce it. Register today for this SC editorial webcast!

PCI council issues best practice guidance for mobile apps

The Payment Card Industry Security Standards Council (PCI SSC) has released best practice guidance for mobile app developers and device manufacturers.

It said that the main focus of the guidelines is to provide direction on securing mobile device payment processes and the payment environment itself by educating developers in the emerging mobile app market.

Bob Russo, the general manager of the PCI SSC, told SC Magazine US that the new guidelines are particularly relevant today.

“I tell people that convenience trumps security all the time, and people are running quickly to use these new devices and technology, without even thinking about security,” Russo said.

“This guidance is actually for the developers of those devices. We are purposely being cautious. It's such a changing market – you'll put something out today and tomorrow people are using it.”

Key recommendations of the report include isolating sensitive functions and data in trusted environments, implementing secure coding best practices and eliminating unnecessary third-party access and privilege escalation. Developing ways to remotely disable payment functions, in addition to creating tools for mobile apps to monitor and report suspicious activity were also among the recommendations.

The guidelines focus on ways to prevent account data from being intercepted while sent or received on mobile devices or from being compromised while being processed or stored on them.

Troy Leach, the chief technology officer of the council, said that the most recent guidelines reinforce the council's standard payment security goals, while applying them to a mobile space.

“We have a brand new group of developers that aren't of aware of their responsibility,” Leach said.

“They are designing good code, but don't know all it's being used for.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.